Acunetix Web Vulnerability Scanner 7

A manual search for vulnerabilities would simply take too much time, so penetration testers usually use an automated web vulnerability scanner to do the preliminary work for them. After it has found what there was to find, each vulnerability can be reviewed by the penetration testers themselves. Acunetix has long had the reputation of manufacturing one of the best tools for this kind of job.

In this day and age, and in the majority of cases, the company website is where potential customers get a first glimpse at your company. Will it be love at first sight?

The design is important, as well as an easy navigation. Striking the right balance between giving enough information to pique the customers’ interest but not too much to overwhelm them with unnecessary information is also a challenge. But, above all, this first glimpse should never include a failure to load or a defaced or in any other way compromised homepage.

And to be certain that every request for the website is fulfilled as it should be, you have to be sure that your website doesn’t possess vulnerabilities that can be exploited by attackers to gain access to backend corporate databases or to use your site for their own malicious purposes.

A manual search for vulnerabilities would simply take too much time, so penetration testers usually use an automated web vulnerability scanner to do the preliminary work for them. After it has found what there was to find, each vulnerability can be reviewed by the penetration testers themselves.

Acunetix has long had the reputation of manufacturing one of the best tools for this kind of job. The company has recently released a new version of their Acunetix Web Vulnerability Scanner (v.7), and has rewritten most of its core components – making it faster and better.

The new features include a new scanning engine that detects a wider range of vulnerabilities, improved web 2.0 application support and session management handling, ability to rescan a specific vulnerability to verify remediation, less false positives and negatives, a lesser chance of breaking down a website while scanning, and more.

To install the software, you will be needing some 200 MB of available hard-disk space, although in the end the program takes approximately just 59 MB of space. The installation procedure is very straightforward, you only need to choose where the program will be installed and whether you want to install the Acunetix Firefox toolbar that will allow you to audit individual pages directly from the browser.

The software’s welcome screen (click on the screenshots to enlarge them):

When starting a new scan, you must decide which scanning option is for you: single website, a list of websites, a range of computers (IP addresses) or a scan of a saved site structure you have already “crawled” with the Site Crawler tool but have yet to scan:

Then define which technologies the scanner will test, crawling and scan options, and configure login details for password protected areas of the target site:

As the scanning process yields results, you can go through them without having to wait for the whole process to end – a great time-saving feature of this software.

Details of found vulnerability:

Since scanning a random site means that the scanner will initiate a series of attacks against the website or the web application – possibly crashing it – I tested websites offered by Acunetix, which offer a convenient range of vulnerabilities.

The Scanner itself has a very clear-cut GUI, which allows you to keep your eyes on the process the whole time. In the left column, you can switch between the various tools, configuration settings, various options and help files with a click of a mouse:

The middle column contains the scan results – found vulnerabilities and other errors and risky site features such as broken links and the unencrypted transmission of user credentials, port statuses, a list of open ports, details about the site structure, and cookies. Clicking on each of them reveals further details and offers remedies for the risk they pose. The activity window in the bottom shows you in real time what the scanner is doing at the moment.

The AcuSensor Technology incorporated into the scanner – if enabled – places sensors inside the source code in order to see how it behaves during scanning, and along with the use of black box scanning techniques manages to detect more vulnerabilities (and their exact place in the source code) than it would be possible when using each of these techniques independently of the other.

And while the Scanner is a great tool to automate what would otherwise be a very tiring process of detecting site or web application vulnerabilities, the other tools bundled with it are a great help to penetration testers as they embark into the mission of manual analyzing and further testing.

The Port Scanner and the Target Finder allow you to discover web servers within a range of IP addresses and to detect which ports are open. The Subdomain Scanner identifies active subdomains, and the Blind SQL Injector extracts data from the web server for further analysis if an exploitable SQL injection vulnerability has been detected.

The HTTP Editor and the HTTP Fuzzer are also particularly handy tools that allow you to write custom HTML requests and test them against the site in order to debug them with the help of the HTTP responses, and to throw various fuzzing data at the web application in order to test how it handles it. With the HTTP Fuzzer, you can create custom rules that will, once again, automate a process that would otherwise be time-consuming and nerve-fraying:

The Authentication Tester allows you to initiate dictionary attacks against login pages or any other kind of authentication, and while two lists with common usernames and passwords is already provided by the software, you can also add lists of your own.

Bundled with the Scanner is also the Acunetix WVS Reporter – for, what good is all the fast scanning and time-saving if you must struggle and waste time for presenting the results in a well-organized and helpful manner later?

By simply importing the scan results and choosing the type of report you need (Detailed Scan Report, Developer Report, Executive Summary, Compliance Report and a few others), you are presented with it within seconds. Save it, print it, export it to various formats – whatever you need to do:

Using the Scanner Toolbar requires simply that you navigate to the site you wish to test. Before starting the scan, modify the settings to your liking:

Of course, the results of this scan will not be as extensive as those provided by the software – and, the process is much faster.

The verdict

Acunetix WVS is an extremely helpful and enjoyable software. With the new multi-threaded scanner, the whole process is much, much faster than before.

Some tools were improved (HTTP Sniffer) and a number of security checks have been included in this new version – such as the automatic check for DOM XSS vulnerabilities, tests for stored SQL injection, file inclusion, file tampering, code execution and more, and advanced WebDav auditing checks. Also, a wider variety of content-types is supported.

This software offers the best of both worlds: the automatic scanner that executes a quality triage of the target, and handy tools that allow you to test manually all those things that need your particular attention. If I had to single out those tools I found most helpful, I would have to say the Compare Editor and Fuzzer tools, but all in all, Acunetix WVS is a great compilation that can’t fail to satisfy even the most fastidious penetration tester.